/*===========================================================================* * do_safememset * *===========================================================================*/ int do_safememset(struct proc *caller, message *m_ptr) { /* Implementation of the do_safememset() kernel call */ /* Extract parameters */ endpoint_t dst_endpt = m_ptr->SMS_DST; endpoint_t caller_endpt = caller->p_endpoint; cp_grant_id_t grantid = m_ptr->SMS_GID; vir_bytes g_offset = m_ptr->SMS_OFFSET; int pattern = m_ptr->SMS_PATTERN; size_t len = (size_t)m_ptr->SMS_BYTES; struct proc *dst_p; endpoint_t new_granter; static vir_bytes v_offset; int r; if (dst_endpt == NONE || caller_endpt == NONE) return EFAULT; if (!(dst_p = endpoint_lookup(dst_endpt))) return EINVAL; if (!(priv(dst_p) && priv(dst_p)->s_grant_table)) { printf("safememset: dst %d has no grant table\n", dst_endpt); return EINVAL; } /* Verify permission exists, memset always requires CPF_WRITE */ r = verify_grant(dst_endpt, caller_endpt, grantid, len, CPF_WRITE, g_offset, &v_offset, &new_granter); if (r != OK) { printf("safememset: grant %d verify failed %d", grantid, r); return r; } return vm_memset(caller, new_granter, v_offset, pattern, len); }
/*==========================================================================* * do_umap_remote * *==========================================================================*/ int do_umap_remote(struct proc * caller, message * m_ptr) { /* Map virtual address to physical, for non-kernel processes. */ int seg_type = m_ptr->CP_SRC_SPACE & SEGMENT_TYPE; int seg_index = m_ptr->CP_SRC_SPACE & SEGMENT_INDEX; vir_bytes offset = m_ptr->CP_SRC_ADDR; int count = m_ptr->CP_NR_BYTES; int endpt = (int) m_ptr->CP_SRC_ENDPT; endpoint_t grantee = (endpoint_t) m_ptr->CP_DST_ENDPT; int proc_nr, proc_nr_grantee; int naughty = 0; phys_bytes phys_addr = 0, lin_addr = 0; struct proc *targetpr; /* Verify process number. */ if (endpt == SELF) proc_nr = _ENDPOINT_P(caller->p_endpoint); else if (! isokendpt(endpt, &proc_nr)) return(EINVAL); targetpr = proc_addr(proc_nr); /* Verify grantee endpoint */ if (grantee == SELF) { grantee = caller->p_endpoint; } else if (grantee == NONE || grantee == ANY || seg_index != MEM_GRANT || !isokendpt(grantee, &proc_nr_grantee)) { return EINVAL; } /* See which mapping should be made. */ switch(seg_type) { case LOCAL_SEG: phys_addr = lin_addr = umap_local(targetpr, seg_index, offset, count); if(!lin_addr) return EFAULT; naughty = 1; break; case LOCAL_VM_SEG: if(seg_index == MEM_GRANT) { vir_bytes newoffset; endpoint_t newep; int new_proc_nr; cp_grant_id_t grant = (cp_grant_id_t) offset; if(verify_grant(targetpr->p_endpoint, grantee, grant, count, 0, 0, &newoffset, &newep) != OK) { printf("SYSTEM: do_umap: verify_grant in %s, grant %d, bytes 0x%lx, failed, caller %s\n", targetpr->p_name, offset, count, caller->p_name); proc_stacktrace(caller); return EFAULT; } if(!isokendpt(newep, &new_proc_nr)) { printf("SYSTEM: do_umap: isokendpt failed\n"); return EFAULT; } /* New lookup. */ offset = newoffset; targetpr = proc_addr(new_proc_nr); seg_index = D; } if(seg_index == T || seg_index == D || seg_index == S) { phys_addr = lin_addr = umap_local(targetpr, seg_index, offset, count); } else { printf("SYSTEM: bogus seg type 0x%lx\n", seg_index); return EFAULT; } if(!lin_addr) { printf("SYSTEM:do_umap: umap_local failed\n"); return EFAULT; } if(vm_lookup(targetpr, lin_addr, &phys_addr, NULL) != OK) { printf("SYSTEM:do_umap: vm_lookup failed\n"); return EFAULT; } if(phys_addr == 0) panic("vm_lookup returned zero physical address"); break; default: printf("umap: peculiar type\n"); return EINVAL; } if(vm_running && vm_lookup_range(targetpr, lin_addr, NULL, count) != count) { printf("SYSTEM:do_umap: not contiguous\n"); return EFAULT; } m_ptr->CP_DST_ADDR = phys_addr; if(naughty || phys_addr == 0) { printf("kernel: umap 0x%x done by %d / %s, pc 0x%lx, 0x%lx -> 0x%lx\n", seg_type, caller->p_endpoint, caller->p_name, caller->p_reg.pc, offset, phys_addr); printf("caller stack: "); proc_stacktrace(caller); } return (phys_addr == 0) ? EFAULT: OK; }
/*===========================================================================* * do_vumap * *===========================================================================*/ int do_vumap(struct proc *caller, message *m_ptr) { /* Map a vector of grants or local virtual addresses to physical addresses. * Designed to be used by drivers to perform an efficient lookup of physical * addresses for the purpose of direct DMA from/to a remote process. */ endpoint_t endpt, source, granter; struct proc *procp; struct vumap_vir vvec[MAPVEC_NR]; struct vumap_phys pvec[MAPVEC_NR]; vir_bytes vaddr, paddr, vir_addr; phys_bytes phys_addr; int i, r, proc_nr, vcount, pcount, pmax, access; size_t size, chunk, offset; endpt = caller->p_endpoint; /* Retrieve and check input parameters. */ source = m_ptr->VUMAP_ENDPT; vaddr = (vir_bytes) m_ptr->VUMAP_VADDR; vcount = m_ptr->VUMAP_VCOUNT; offset = m_ptr->VUMAP_OFFSET; access = m_ptr->VUMAP_ACCESS; paddr = (vir_bytes) m_ptr->VUMAP_PADDR; pmax = m_ptr->VUMAP_PMAX; if (vcount <= 0 || pmax <= 0) return EINVAL; if (vcount > MAPVEC_NR) vcount = MAPVEC_NR; if (pmax > MAPVEC_NR) pmax = MAPVEC_NR; /* Convert access to safecopy access flags. */ switch (access) { case VUA_READ: access = CPF_READ; break; case VUA_WRITE: access = CPF_WRITE; break; case VUA_READ|VUA_WRITE: access = CPF_READ|CPF_WRITE; break; default: return EINVAL; } /* Copy in the vector of virtual addresses. */ size = vcount * sizeof(vvec[0]); if (data_copy(endpt, vaddr, KERNEL, (vir_bytes) vvec, size) != OK) return EFAULT; pcount = 0; /* Go through the input entries, one at a time. Stop early in case the output * vector has filled up. */ for (i = 0; i < vcount && pcount < pmax; i++) { size = vvec[i].vv_size; if (size <= offset) return EINVAL; size -= offset; if (source != SELF) { r = verify_grant(source, endpt, vvec[i].vv_grant, size, access, offset, &vir_addr, &granter); if (r != OK) return r; } else { vir_addr = vvec[i].vv_addr + offset; granter = endpt; } okendpt(granter, &proc_nr); procp = proc_addr(proc_nr); /* Each virtual range is made up of one or more physical ranges. */ while (size > 0 && pcount < pmax) { chunk = vm_lookup_range(procp, vir_addr, &phys_addr, size); if (!chunk) { /* Try to get the memory allocated, unless the memory * is supposed to be there to be read from. */ if (access & CPF_READ) return EFAULT; /* This call may suspend the current call, or return an * error for a previous invocation. */ return vm_check_range(caller, procp, vir_addr, size); } pvec[pcount].vp_addr = phys_addr; pvec[pcount].vp_size = chunk; pcount++; vir_addr += chunk; size -= chunk; } offset = 0; } /* Copy out the resulting vector of physical addresses. */ assert(pcount > 0); size = pcount * sizeof(pvec[0]); r = data_copy_vmcheck(caller, KERNEL, (vir_bytes) pvec, endpt, paddr, size); if (r == OK) m_ptr->VUMAP_PCOUNT = pcount; return r; }
/*===========================================================================* * do_sdevio * *===========================================================================*/ PUBLIC int do_sdevio(struct proc * caller, message *m_ptr) { vir_bytes newoffset; endpoint_t newep; int proc_nr; endpoint_t proc_nr_e = m_ptr->DIO_VEC_ENDPT; vir_bytes count = m_ptr->DIO_VEC_SIZE; long port = m_ptr->DIO_PORT; phys_bytes phys_buf; int i, req_type, req_dir, size, nr_io_range; struct priv *privp; struct io_range *iorp; struct proc *destproc; int retval; /* Allow safe copies and accesses to SELF */ if ((m_ptr->DIO_REQUEST & _DIO_SAFEMASK) != _DIO_SAFE && proc_nr_e != SELF) { static int first= 1; if (first) { first= 0; printf("do_sdevio: for %d, req %d\n", m_ptr->m_source, m_ptr->DIO_REQUEST); } } /* Check if process endpoint is OK. * A driver may directly provide a pointer to a buffer at the user-process * that initiated the device I/O. Kernel processes, of course, are denied. */ if (proc_nr_e == SELF) proc_nr = _ENDPOINT_P(caller->p_endpoint); else if(!isokendpt(proc_nr_e, &proc_nr)) return(EINVAL); if (iskerneln(proc_nr)) return(EPERM); /* Extract direction (in or out) and type (size). */ req_dir = m_ptr->DIO_REQUEST & _DIO_DIRMASK; req_type = m_ptr->DIO_REQUEST & _DIO_TYPEMASK; /* Check for 'safe' variants. */ if((m_ptr->DIO_REQUEST & _DIO_SAFEMASK) == _DIO_SAFE) { /* Map grant address to physical address. */ if(verify_grant(proc_nr_e, caller->p_endpoint, (cp_grant_id_t) m_ptr->DIO_VEC_ADDR, count, req_dir == _DIO_INPUT ? CPF_WRITE : CPF_READ, (vir_bytes) m_ptr->DIO_OFFSET, &newoffset, &newep) != OK) { printf("do_sdevio: verify_grant failed\n"); return EPERM; } if(!isokendpt(newep, &proc_nr)) return(EINVAL); destproc = proc_addr(proc_nr); if ((phys_buf = umap_local(destproc, D, (vir_bytes) newoffset, count)) == 0) { printf("do_sdevio: umap_local failed\n"); return(EFAULT); } } else { if(proc_nr != _ENDPOINT_P(caller->p_endpoint)) { printf("do_sdevio: unsafe sdevio by %d in %d denied\n", caller->p_endpoint, proc_nr_e); return EPERM; } /* Get and check physical address. */ if ((phys_buf = umap_local(proc_addr(proc_nr), D, (vir_bytes) m_ptr->DIO_VEC_ADDR, count)) == 0) return(EFAULT); destproc = proc_addr(proc_nr); } /* current process must be target for phys_* to be OK */ switch_address_space(destproc); switch (req_type) { case _DIO_BYTE: size= 1; break; case _DIO_WORD: size= 2; break; case _DIO_LONG: size= 4; break; default: size= 4; break; /* Be conservative */ } privp= priv(caller); if (privp && privp->s_flags & CHECK_IO_PORT) { port= m_ptr->DIO_PORT; nr_io_range= privp->s_nr_io_range; for (i= 0, iorp= privp->s_io_tab; i<nr_io_range; i++, iorp++) { if (port >= iorp->ior_base && port+size-1 <= iorp->ior_limit) break; } if (i >= nr_io_range) { printf( "do_sdevio: I/O port check failed for proc %d, port 0x%x\n", m_ptr->m_source, port); retval = EPERM; goto return_error; } } if (port & (size-1)) { printf("do_devio: unaligned port 0x%x (size %d)\n", port, size); retval = EPERM; goto return_error; } /* Perform device I/O for bytes and words. Longs are not supported. */ if (req_dir == _DIO_INPUT) { switch (req_type) { case _DIO_BYTE: phys_insb(port, phys_buf, count); break; case _DIO_WORD: phys_insw(port, phys_buf, count); break; default: retval = EINVAL; goto return_error; } } else if (req_dir == _DIO_OUTPUT) { switch (req_type) { case _DIO_BYTE: phys_outsb(port, phys_buf, count); break; case _DIO_WORD: phys_outsw(port, phys_buf, count); break; default: retval = EINVAL; goto return_error; } } else { retval = EINVAL; goto return_error; } retval = OK; return_error: /* switch back to the address of the process which made the call */ switch_address_space(caller); return retval; }